How to Use Firefox Containers for Easy IDOR Hunting (With Demo!)

  • Published on 21 Feb 2020
  • This didn't quite make it into the IDOR video because I thought it was confusing, but I really do think Firefox containers are great so I wanted to do a demo. In this video, I show a demo of how you can use Firefox containers to up your IDOR game. Bonus, this video is 100% live bug bounty demo, using containers and finding IDORs.
    'Katie Explains' videos are going to be shorter videos about smaller topics that don't need more in-depth explanations, which are news/updates or that update or give extra info to an existing video. I would usually just reply to these or tweet or something but I decided to make a video so more people will see the info!
    Want more info on IDORs? I have a video on that: • Finding Your First Bug...
    Link to the plugin: addons.mozilla.org/en-GB/fire...

Comments • 62

  • @AnjilNiraula 4 years ago +2

    Hey Katie! Thanks for bringing out these materials. These are helping me so much.

  • @kurtbarrett8567 4 years ago +3

    I must say. Your videos are absolutely on point. Very informative, thank you for sharing your knowledge, it is extremely important and I find your content very relatable and simple to follow A++

  • @EdiDominicIfediri 4 years ago +4

    Thanks so much for this. I used to test from Incognito to my main Chrome or Firefox app. This would surely make it easier for me to add more users. I appreciate

  • @chupaalex 4 years ago +1

    very nice explained, well done with all the videos :)

  • @behi1484 4 years ago

    That's really what I wanted, Thanks a lot!

  • @gamlielhernandez974 4 years ago +1

    Thank you Katie, very useful video. Tbh I didn't know about FF containers :P

  • @munaz55 3 years ago

    everyday learning something new, thanks

  • @alissonbezerra7 4 years ago

    Thanks for sharing. Really cool trick.

  • @johnphiri9418 4 years ago

    Thanks Katie this is useful indeed :)

  • @shubhamingle5728 4 years ago +8

    You can use burp comparer instead of switching to different tools to find similarities

  • @aitorhf844 4 years ago

    thanks for the lesson i am learning much

  • @Frawkesish 1 year ago

    Hello Katie! I know this is an older video now but I was wondering if you fill up your Burp Suite first before you started testing a target or do you test as you discover endpoints? If it's the latter how do you notate the endpoints you've confirmed are not vulnerable? If you have a video on this already I'd be happy to give it a watch

  • @wingwing2683 2 years ago

    Thanks so much!

  • @uttarkhandcooltech1237 4 years ago

    Love to watch .... Love u

  • @mohittirkey7889 4 years ago +3

    Awesome content! I always used to struggle between switching tabs from normal to private mode to test for IDORs. Is it possible for you to show some references on chaining the bugs

    • @InsiderPhD 4 years ago

      Yes! I’m hoping to show something once I finally finish the damn Blind XSS video showing some potential big chains to go from a medium->high

  • @bv1495 4 years ago

    Great video Katie, could you demo Autorize and AutoRepeater in future for IDOR Hunting?

    • @InsiderPhD 4 years ago

      I actually think STÖK's video on those is much better than anything I could make th-cam.com/video/3K1-a7dnA60/w-d-xo.html

  • @AadeeWasTaken 4 years ago +3

    Hey Katie, you can use Comparer tab in Burp Suite to find the difference

    • @InsiderPhD 4 years ago +1

      I know don't worry! I just had a brain bleh and forgot about the feature lmao. It happens, I'm not perfect :P

  • @AnonYmous-ny7tp 4 years ago

    Katie, I have a question. If it is a silly question, forgive me, because I'm still learning. You tried to switch cookies, and do some actions for another account, but .. Shouldn't you just first check cookie flag, and if it's HttpOnly and you know, you can't do stuff like this?

  • @phpdude 4 years ago +1

    Good one Katie! Thanks for sharing.. Even Tumblr responded with a "leet" to your request (at 3:56).. Hahaha.. Any reason why you searched online for a diff tool rather than using Comparer? Just curious.. Thanks again

    • @InsiderPhD 4 years ago +2

      Just completely blanked :P I program in my day job so I'm really used to just googling for a diff tool I just forget burp has one built in!

    • @phpdude 4 years ago

      @InsiderPhD Haha.. Absolutely fine to use the online one... Was just curious that's all.. Thanks again Katie for all the information sharing.

  • @bjornkeyser5334 4 years ago +1

    Why don't you use the Burp Comparer to compare the cookies?

  • @THEMRlukasMC 3 years ago

    Are you looking for IDORs or broken access control?

  • @hamzakhallati5742 4 years ago +3

    Katie could you please finish the "finding your first bug" series it's soo much helpful

    • @InsiderPhD 4 years ago

      Sooon I promise, I've been completely snowed under with day job work, I will definitely get back to it very soon.

    • @hamzakhallati5742 4 years ago

      @InsiderPhD Thank you so much.. may god be with you

  • @real_djvirus 4 years ago

    Hi Katie,
    Won't this end up with session fixation? I followed the same procedure on a lot of programs on Intigriti where with the use of a non-authenticated cookie. I was able to get access to the account settings of the authenticated user and then I changed their email with my own & so I reported it as Account Takeover via IDOR. Is it really an IDOR or is it a Session Fixation bug?

    • @InsiderPhD 4 years ago +1

      With the context you've given me, it sounds like an IDOR. Firefox Containers to my knowledge do isolate sessions, and if you're changing the cookies fully you should be okay. But if you wanna be sure you can always retest! It sounds like you did everything right, but without more context (that would disclose the bug) it's hard to know for sure, a triager will know better.

  • @goooooo9197 4 years ago +1

    hi i just want to ask how to find id parameter means is there any way to find them automatically means like crawling web

    • @InsiderPhD 4 years ago

      Once you see one, you know that that app is likely to use them everywhere, but you can look out for RESTful APIs, check out my API video for more info!

  • @xxwoman 3 years ago +1

    So when we're bug hunting, we don't need to be (or shouldn't be) using Tor or a VPN?

    • @InsiderPhD 3 years ago

      Don’t need to be! Unless the program specifies it :)

  • @sayondutta3530 4 years ago +1

    Really good video.
    Hey, for comparing you could have used the Comparer of Burp. Any specific reason for not using it?

    • @InsiderPhD 4 years ago +2

      Yes I am an idiot and completely forgot it existed lmao

    • @sayondutta3530 4 years ago

      @InsiderPhD Hey sorry if you felt bad, I didn't mean it that way. It's greatness that you are sharing your knowledge with us and helping many. So many thanks for what you're doing.

    • @InsiderPhD 4 years ago +3

      Lol don’t worry just good old British self deprecating humour! You’re all good!

  • @mnageh-bo1mm 7 months ago

    Can't it be automated more ?

  • @jacobpetrov4041 4 years ago +1

    Here's something that's been confusing me for awhile. If you just copy and paste the cookie, aren't you essentially changing users? And how do people exploit that? because you'd have to steal their cookie first. I'm sure I'm just missing something.

    • @InsiderPhD 4 years ago

      Kinda, but the point is you don’t need User A’s cookies at all, so when you are hunting for IDORs you do something with User A, replace User A’s cookies with User B and hoping that User A account is affected rather than User B.

    • @jacobpetrov4041 4 years ago

      @InsiderPhD Oh I get it! Okay that makes a lot of sense, like I said before this has been confusing me for awhile. Thanks

    • @arshadaqil4084 2 years ago

      @InsiderPhD can you explain “ you don’t need user As cookie at all “ what are u trying to say?

  • @brutexploiter 1 year ago

    I Like your accent !!

  • @nets0und200 4 years ago

    I did that on another site but instead of creating a post it was for creating a group, and I don't know how, but it created 2 groups in one time. I also used Autorize in Burp Suite, is this a legit bug that is worth reporting? I don't even remember every step I did..

    • @InsiderPhD 4 years ago

      I’m afraid for any bugs you need to be able to clearly tell people each step you took, also it sounds like that’s a race condition, I’d look up race conditions and see if you can replicate + increase the impact

    • @nets0und200 4 years ago

      @InsiderPhD Thanks for your response, I continued to hack and ended up being able to delete the group that I had created with the normal user directly from the attacker account but again I wasn't able to do it again while recording, I still did a report but without the video, can a report be accepted even without proof? Thanks again you're very helpful.

  • @TechinalBibek 4 years ago +4

    Autorize is good for finding IDOR

    • @InsiderPhD 4 years ago +2

      Spoilers 🤐

    • @InsiderPhD 4 years ago +7

      Future video is going to go in depth on how to use Autorize

    • @RN-kl4kp 4 years ago

      Why do you use diff?? There is a compare app built into Burp, right??

    • @InsiderPhD 4 years ago +2

      Rohan Naik yes I forgot lmao

    • @RN-kl4kp 4 years ago +1

      @InsiderPhD but.. hey I just learned a new thing that diff exists .. 😂 😂 thanks for that. Also you really seriously read all the comments 😯 😯 😯 😯 wow

  • @MTFTVlive 2 years ago

    Burp comparer: am I a joke to you?

  • @rahulnakum8429 4 years ago

    Please make video about http request smuggling vulnerability.. 👍

    • @InsiderPhD 4 years ago

      I'm hoping to do a video on this, I am still trying to understand it myself!

    • @FrenchPirate83 4 years ago

      @InsiderPhD Check out Portswigger's enlightening labs on request smuggling: portswigger.net/web-security/request-smuggling.